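/// <summary>
/// Registers a new user and returns a freshly issued session key.
/// </summary>
/// <param name="value">Registration payload: Username, DisplayName and AuthCode.</param>
/// <returns>201 Created with a <see cref="LoggedUserDto"/> carrying the display name and session key.</returns>
/// <exception cref="HttpResponseException">
/// 400 Bad Request when validation fails, either identifier is already taken, or persistence fails.
/// </exception>
public HttpResponseMessage RegisterUser(UserDto value)
{
    try
    {
        // The context is disposed on every path, including the throwing ones below.
        using (var context = new BloggingSystemContext())
        {
            // Reject malformed identifiers before touching the database.
            this.ValidateUserIdentifier(
                value.Username, "Username", MinUsernameLength, MaxUsernameLength, ValidUsernameCharacters);
            this.ValidateUserIdentifier(
                value.DisplayName, "Display name", MinDisplayNameLength, MaxDisplayNameLength, ValidDisplayNameCharacters);
            this.ValidateAuthCode(value.AuthCode);

            // Either identifier being taken blocks registration.
            // NOTE(review): this check-then-insert is not atomic; two concurrent registrations with
            // the same name can both pass it unless the database enforces uniqueness — confirm the schema.
            bool identifierTaken = context.Users.Any(
                u => u.Username == value.Username || u.DisplayName == value.DisplayName);
            if (identifierTaken)
            {
                throw new InvalidOperationException("User already exists.");
            }

            // NOTE(review): AuthCode is persisted exactly as received. If the client sends a bare
            // hash with no server-side salt/KDF, a database leak exposes it directly — consider
            // hashing it here (e.g. PBKDF2) and adjusting LoginUser to verify against that.
            var user = new User
            {
                Username = value.Username,
                DisplayName = value.DisplayName,
                AuthCode = value.AuthCode
            };
            context.Users.Add(user);

            // The first save assigns user.Id, which the session key is derived from;
            // the second persists the key itself.
            context.SaveChanges();
            user.SessionKey = this.GenerateSessionKey(user.Id);
            context.SaveChanges();

            var loggedUserDto = new LoggedUserDto
            {
                DisplayName = user.DisplayName,
                SessionKey = user.SessionKey
            };
            return Request.CreateResponse(HttpStatusCode.Created, loggedUserDto);
        }
    }
    catch (Exception ex)
    {
        // Only validation / business-rule messages are safe to echo to the client. Anything else
        // (EF/SQL failures, a null payload, ...) gets a generic message so internals such as
        // connection strings or table names are not disclosed in the 400 body.
        // NOTE(review): assumes the Validate* helpers throw ArgumentException (or a subclass) or
        // InvalidOperationException — confirm, otherwise their messages become generic too.
        string clientMessage = (ex is ArgumentException || ex is InvalidOperationException)
            ? ex.Message
            : "The request could not be processed.";
        var errorResponse = Request.CreateErrorResponse(HttpStatusCode.BadRequest, clientMessage);
        throw new HttpResponseException(errorResponse);
    }
}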
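/// <summary>
/// Authenticates a user by username and auth code and returns their session key,
/// issuing and persisting a new one when no well-formed key is stored.
/// </summary>
/// <param name="value">Login payload: Username and AuthCode (DisplayName is ignored).</param>
/// <returns>202 Accepted with a <see cref="LoggedUserDto"/> carrying the display name and session key.</returns>
/// <exception cref="HttpResponseException">
/// 400 Bad Request on validation failure, bad credentials, or persistence failure.
/// </exception>
public HttpResponseMessage LoginUser(UserDto value)
{
    try
    {
        // The context is disposed on every path, including the throwing ones below.
        using (var context = new BloggingSystemContext())
        {
            this.ValidateUserIdentifier(
                value.Username, "Username", MinUsernameLength, MaxUsernameLength, ValidUsernameCharacters);
            this.ValidateAuthCode(value.AuthCode);

            // Look the user up by name only and verify the auth code in process. Comparing the
            // secret inside the SQL query subjects it to the column's collation (case-insensitive
            // on many default setups — confirm for this database) and to the DB's own string
            // comparison, which is not designed for secrets.
            var user = context.Users.FirstOrDefault(u => u.Username == value.Username);
            if (user == null || !AuthCodesMatch(user.AuthCode, value.AuthCode))
            {
                // Same message for "unknown user" and "wrong code" so the response does not reveal which.
                throw new InvalidOperationException("Invalid username or password.");
            }

            // Reuse an existing well-formed session key; otherwise issue one and persist it.
            if (user.SessionKey == null || user.SessionKey.Length != SessionKeyLength)
            {
                user.SessionKey = this.GenerateSessionKey(user.Id);
                context.SaveChanges();
            }

            var loggedUserDto = new LoggedUserDto
            {
                DisplayName = user.DisplayName,
                SessionKey = user.SessionKey
            };
            return Request.CreateResponse(HttpStatusCode.Accepted, loggedUserDto);
        }
    }
    catch (Exception ex)
    {
        // Only validation / business-rule messages are safe to echo to the client. Anything else
        // (EF/SQL failures, a null payload, ...) gets a generic message so internals are not
        // disclosed in the 400 body.
        // NOTE(review): assumes the Validate* helpers throw ArgumentException (or a subclass) or
        // InvalidOperationException — confirm, otherwise their messages become generic too.
        string clientMessage = (ex is ArgumentException || ex is InvalidOperationException)
            ? ex.Message
            : "The request could not be processed.";
        var errorResponse = Request.CreateErrorResponse(HttpStatusCode.BadRequest, clientMessage);
        throw new HttpResponseException(errorResponse);
    }
}

/// <summary>
/// Ordinal comparison of a stored and a submitted auth code whose running time does not
/// depend on where the first differing character is. Null or differing-length inputs never match.
/// </summary>
/// <param name="stored">Auth code persisted for the user (may be null).</param>
/// <param name="submitted">Auth code supplied in the login request (may be null).</param>
/// <returns>True only when both are non-null and character-for-character identical.</returns>
private static bool AuthCodesMatch(string stored, string submitted)
{
    if (stored == null || submitted == null || stored.Length != submitted.Length)
    {
        return false;
    }

    // OR together the XOR of every position so the loop always runs the full length
    // instead of exiting at the first mismatch.
    int difference = 0;
    for (int i = 0; i < stored.Length; i++)
    {
        difference |= stored[i] ^ submitted[i];
    }

    return difference == 0;
}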
/// <summary>
/// A logout request whose X-SessionKey header carries no value must be rejected with 400 Bad Request.
/// NOTE(review): the method name says "ShouldReturnOK" but the assertion expects BadRequest;
/// the assertion appears to be the intent — consider renaming to ..._ShouldReturnBadRequest.
/// </summary>
public void TestLogoutUser_SessionKeyIsNull_ShouldReturnOK()
{
    // Arrange: a user object that was never issued a session key.
    var userWithoutSession = new LoggedUserDto
    {
        DisplayName = "Peter Petroff",
        SessionKey = null
    };
    var requestHeaders = new Dictionary<string, string>
    {
        { "X-SessionKey", userWithoutSession.SessionKey }
    };

    // Act
    var response = httpServer.Put("api/users/logout", requestHeaders);

    // Assert
    Assert.AreEqual(HttpStatusCode.BadRequest, response.StatusCode);
}